(Some of this is my personal opinion; I don't claim to be a security
expert.)

Andreas von Heydwolff <[EMAIL PROTECTED]> writes:

> My home dir contains no database files but lots of proprietary
> WordPerfect docs, pdfs, oggs/mp3s/wavs and jpgs and my mail
> archive.

The thing you're mostly worried about is things that can have
executable code in them.  Your PDFs, pictures, and music are probably
all okay (unless you picked up something that was intentionally going
after them); I'd be a little worried about scripting code buried in
the WordPerfect files.  But it's not like you have a bunch of things
compiled by hand in your home directory that are potentially infected,
it sounds like.

> It is always mounted noexec,nosuid,nodev,user.

(This isn't much security; the attacker is almost certainly root so
nosuid is irrelevant, and if you have /home/me/bin/foo you can
explicitly run '/lib/ld-linux.so /home/me/bin/foo' to run the binary
regardless of noexecness.)

> And, lastly for now: The /var/crackdir dir has a timestamp X. Does
> this mean the crack most probably did not happen before day X?

See touch(1).  The timestamp is completely meaningless.

-- 
David Maze         [EMAIL PROTECTED]      http://people.debian.org/~dmaze/
"Theoretical politics is interesting.  Politicking should be illegal."
        -- Abra Mitchell
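
The touch(1) point above, as an added example that is not part of the original message: it backdates a directory's mtime the way touch would and shows that the displayed timestamp follows whatever value was set. The directory name, the helper names and the 2-second slack are assumptions made for the illustration.

```python
import os
import tempfile
import time

DAY = 86400  # seconds


def backdate(path, days):
    """Set atime and mtime to `days` days ago, the same effect as touch -d."""
    past = time.time() - days * DAY
    os.utime(path, (past, past))
    return past


def looks_backdated(path, slack=2.0):
    """Weak triage hint: mtime is older than ctime by more than `slack` seconds.

    The kernel sets ctime to "now" on utime(), so a forged mtime leaves a gap.
    The gap also appears after tar extraction, cp -p or chmod, and root can
    move ctime too by changing the system clock, so neither value is proof.
    """
    st = os.stat(path)
    return st.st_ctime - st.st_mtime > slack


def demo():
    with tempfile.TemporaryDirectory() as root:
        crackdir = os.path.join(root, "crackdir")  # constructed stand-in directory
        os.mkdir(crackdir)
        flag_before = looks_backdated(crackdir)
        forged = backdate(crackdir, 30)
        st = os.stat(crackdir)
        return {
            "flag_before": flag_before,
            "flag_after": looks_backdated(crackdir),
            "mtime_is_forged_value": abs(st.st_mtime - forged) < 1,
            "ctime_is_recent": abs(time.time() - st.st_ctime) < 60,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```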

